| 1 | # |
|---|
| 2 | # AuthN WSGI Testing environment configuration |
|---|
| 3 | # |
|---|
| 4 | # The %(here)s variable will be replaced with the parent directory of this file |
|---|
| 5 | # |
|---|
| 6 | [DEFAULT] |
|---|
| 7 | testConfigDir = %(here)s/../../../config |
|---|
| 8 | beakerSessionKeyName = beaker.session.ndg.security |
|---|
| 9 | |
|---|
| 10 | [server:main] |
|---|
| 11 | use = egg:Paste#http |
|---|
| 12 | host = 0.0.0.0 |
|---|
| 13 | port = 5000 |
|---|
| 14 | |
|---|
| 15 | [pipeline:main] |
|---|
| 16 | pipeline = SSLClientAuthNFilter |
|---|
| 17 | BeakerSessionFilter |
|---|
| 18 | AuthnRedirectInitiatorFilter |
|---|
| 19 | AuthnRedirectResponseFilter |
|---|
| 20 | TestApp |
|---|
| 21 | |
|---|
| 22 | [app:TestApp] |
|---|
| 23 | paste.app_factory = ndg.security.test.unit.wsgi.authn.test_authn:TestAuthnApp |
|---|
| 24 | |
|---|
| 25 | [filter:BeakerSessionFilter] |
|---|
| 26 | paste.filter_app_factory = beaker.middleware:SessionMiddleware |
|---|
| 27 | |
|---|
| 28 | # Cookie name |
|---|
| 29 | beaker.session.key = ndg.security.session |
|---|
| 30 | |
|---|
| 31 | # WSGI environ key name |
|---|
| 32 | environ_key = %(beakerSessionKeyName)s |
|---|
| 33 | beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW |
|---|
| 34 | beaker.cache.data_dir = %(here)s/authn/beaker/cache |
|---|
| 35 | beaker.session.data_dir = %(here)s/authn/beaker/sessions |
|---|
| 36 | |
|---|
| 37 | # Redirect HTTPS based endpoint for SSL client Based authentication |
|---|
| 38 | [filter:AuthnRedirectInitiatorFilter] |
|---|
| 39 | paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware |
|---|
| 40 | prefix = authN. |
|---|
| 41 | authN.redirectURI = /ssl-client-authn/ |
|---|
| 42 | #authN.redirectURI = http://localhost:5800/verify |
|---|
| 43 | |
|---|
| 44 | # AuthKit Set-up |
|---|
| 45 | authkit.setup.method=cookie |
|---|
| 46 | |
|---|
| 47 | # This cookie name and secret MUST agree with the name used by the security web |
|---|
| 48 | # services app |
|---|
| 49 | authkit.cookie.name=ndg.security.auth |
|---|
| 50 | authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr |
|---|
| 51 | authkit.cookie.signoutpath = /logout |
|---|
| 52 | |
|---|
| 53 | # Disable inclusion of client IP address from cookie signature due to |
|---|
| 54 | # suspected problem with AuthKit setting it when a HTTP Proxy is in place |
|---|
| 55 | authkit.cookie.includeip = False |
|---|
| 56 | |
|---|
| 57 | # environ key name for beaker session |
|---|
| 58 | authkit.session.middleware = %(beakerSessionKeyName)s |
|---|
| 59 | |
|---|
| 60 | # Following SSL client authentication redirect back to the URI the client |
|---|
| 61 | # initially requested |
|---|
| 62 | [filter:AuthnRedirectResponseFilter] |
|---|
| 63 | paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthnRedirectResponseMiddleware |
|---|
| 64 | |
|---|
| 65 | [filter:SSLClientAuthNFilter] |
|---|
| 66 | paste.filter_app_factory = ndg.security.server.wsgi.ssl:AuthKitSSLAuthnMiddleware |
|---|
| 67 | prefix = ssl. |
|---|
| 68 | ssl.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt |
|---|
| 69 | ssl.rePathMatchList = ^/ssl-client-authn.* |
|---|
